Skip to content
/ ExecutePeFromPngViaLNK Public

Extract and execute a PE embedded within a PNG file using an LNK file.

License

MIT license
229 stars 32 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Maldev-Academy/ExecutePeFromPngViaLNK

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Test
Test
 
 
FeatureToastBulldogImg.png
FeatureToastBulldogImg.png
 
 
InsertPeIntoPng.py
InsertPeIntoPng.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ExecutePeFromPngViaLNK

Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the end of a specified PNG file.

Quick Links

Maldev Academy Home

Maldev Academy Syllabus

Maldev Academy Pricing


Usage

  1. Use InsertPeIntoPng.py to create the embedded PNG file and generate the extraction LNK file:

image

The generated LNK file will have the icon of a PDF file by default, and it will expect the embedded PNG file to be in the same directory when executed. PE files will be stored under the %TEMP% directory for execution.

image


Demo - Executing Dll

DllToPngExecViaLNK.mp4

Demo - Executing Exe

ExeToPngExecViaLNK.mp4

About

Extract and execute a PE embedded within a PNG file using an LNK file.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

229 stars

Watchers

2 watching

Forks

32 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages